Where do I put supersede dhcp-lease-time for WAN?

Mastiff

@johnpoz Actually it's 100 % reproduceable. There is a Norwegian thread about Telenor's T-We IPTV with a great howto. Until a few months ago that had been working for a year without a hitch. Suddenly Telenor changed something, which meant that one single channel (the public service/state channel NRK1, where the main Norwegian news are on every day at 19, and then local news, which is mostly what I watch) stops working after a number of days. I'm not really sure how long because we are only sporadically in that apartment. I'm not there now (won't be at least for a week or two), so I don't really have any way to check if it changes the IP address, I suddenly remembered my dyndns.com redirect to the house (for VPN tunnel), so I could check the logs there, it doesn't change the IP but it is the only thing besides a full reboot of the pfSense box that makes NRK1 work again. I prefer not to do a full reboot since nothing else is acting up at all, everything else is 100 % stable. I'm very much a "band-aid on paper cuts" man, not an "open heart surgery on paper cuts" man.

So do I simply copy in "supersede dhcp-lease-time 86400;" (without the quotes of course) in the field and click save? Like this:

Sorry if I need it in with teaspoons, I just need to be absolutely sure, or I'll have to get to town to the house to fix Internet for the (very much non techie) renters, and my wife has the car to work for a late shift (nurses assistant at an old people's home).

johnpoz

@mastiff I am not sure if there is anything special you have to do there.

But before changing that - look in your lease file. is it renewing, if so how often?

If its renewing and your still having the problem, not sure how renewing it more often is going to fix it.. If your saying it stops working after a few days.

Unless your renewing only every like 4 days or something... Look in your lease file to see how often its actually renewing, and what the current lease time is, etc.

Mastiff

@johnpoz The file /var/db/dhclient.leases.em0 is there, but it's empty. There's one called re0 with info like:

lease {
  interface "re0";
  fixed-address (not going to tell anybody that...);
  option subnet-mask 255.255.252.0;
  option routers 85.164.24.1;
  option domain-name-servers 148.122.164.253,148.122.16.253;
  option domain-name "bb.online.no";
  option dhcp-lease-time 1200;
  option dhcp-message-type 5;
  option dhcp-server-identifier 88.91.127.1;
  renew 3 2022/1/19 11:47:58;
  rebind 3 2022/1/19 11:55:28;
  expire 3 2022/1/19 11:57:58;
}

It seems to be renewing every ten miutes. Which probably means you're right (as I guess you normally are), it's the actually unbind and then rebind process that does it, not the DHCP renewal. So it seems like I need a way to release, wait a few seconds and then renew. I have no idea what has created this problem, but doing that fixes it. Is it possible to automate that in a way? Perhaps running it 04 every night, so I avoid annoying my tenants?

johnpoz

@mastiff if I had to guess.. With such a low lease, is it actually renewing.. Or is it failing to renew, and then having to do a discover.

When you actually loose a lease, and have to do a discover again - its possible there is a interruption in service.

Such a low lease time is nuts on anything other than say a really over crowded wifi network or something where you have way too many clients than actual leases to hand out.. And your wanting to make sure you get leases back asap when a client is no longer there.

I would look in your dhcp log do you see your wan renewing or having to discover and get IP, even if the same one.

good thing with such a short lease - as you should see plenty of entries in the log. It is possible that if they honor a longer request that changing your requested dhcp lease time could have it renew less often.

Mastiff

@johnpoz That was from my log, I think. At least it shows the outside IP address. And it does renew every ten minutes.

I haven't changed anything on my side, so it has to mean that the ISP forces those updates. On my DHCP server the box for lease time is empty (of course that probably doesn't have anything to do with the DHCP client), and I have not put in anything as far as I know for the DHCP client lease time. In comparisment I can see on my Netgate box here at the cabin that the lease time for the fibre there seems to be around two hours.

Maybe I should try that supersede option modifyer to make it renew less, not more? Oh, and one of the other guys in the Norwegian forum has the same problem, so it's not just my system.

johnpoz

@mastiff said in Where do I put supersede dhcp-lease-time for WAN?:

At least it shows the outside IP address. And it does renew every ten minutes.

that is not the log, that is the lease.. You need to look in the log to see if actually renewing, with a lease time of 1200, seconds it should renew like every 5 minutes.. edit: doh, 1200 seconds is 20 minutes, so your right 600 second renewal would be every 10 minutes.

Let me find a wan renew in my log and show you what you should be looking for - brb

edit: ok filter your dhcp log on client, and you should see what is going on with your wan renewal, and timing, and if it has to discover, etc..

See those 2 requests there, they are 12 hours apart - which is what it should be for my 24 hour lease I get.

Its really odd that if your renewing so often that you would have issues, unless the issue presents its self when the renew fails say every few days, and the discover process is what causes the issue your seeing.. A look to the log for what is going on with your renew process could shed some light on what is going on.

Problem is, even if you supersede the lease time, since they are handing out such short ones - you could run into the problem with their dhcpd saying oh this guy didn't renew in 1200 seconds. That lease is free, and give it to someone else - then you have a real mess.. If you want to renew less often you really need to request a longer lease. So that they do not hand it out to someone else if it expires.

Gertjan

@mastiff said in Where do I put supersede dhcp-lease-time for WAN?:

The file /var/db/dhclient.leases.em0 is there, but it's empty. There's one called re0 with info

Oh nice. You've got a Realtek NIC (re0) as a WAN.
And a em0, probably a Intel lookalike.
Add this to your list : swap the em0 - probably the LAN interface with the WAN.

DHCP servers that hand out 10 minute leases .... you should go look elsewhere. This is just broken.

johnpoz

@gertjan maybe they are in the process of changing IP ranges for their clients? ;) Maybe they did and someone forget to put the lease time back to something sane...

But yeah 20 min lease time seems a bit nuts.. Why would they want so much traffic? Yeah dhcp isn't all that much but multiply that by 20K customers.. or 100k.. And your talking some traffic for no reason..

Mastiff

@Gertjan I see no reason to change something that's been totally stable (100 %, actually) since 2016! This problem, which is the only problem I have, has nothing to do with my setup. People with totally different setups, but using pfSense, have the exact same problem.

johnpoz

@mastiff said in Where do I put supersede dhcp-lease-time for WAN?:

since 2016

So your saying their lease time has always been 20 minutes? That 1200 seconds?

I have been using pfsense for like 12 years, multiple ISPs never had any issues what so ever with dhcp.. Ever.. There are 100's of thousands of pfsense deployments - I don't see any mass complaints on the boards that dhcp is broken or breaks every few days, etc. etc..

Now sure now and then you get some complaints that dhcp having issues, most of the time its users getting dhcp from their modem while their connection has gone offline and they get a 192.168.100 address..

If you your on a 20 minute lease, and something wrong and it doesn't renew and then causes a blip every time it had to do a discover, etc. Then you would have issues every 20 minutes, not every few days.. So while something is ODD or not quite right, etc. I don't see it as something not right with pfsense.. Maybe your isp only lets you renew X number of times before they force you to discover? The log when you see the problem, and then the log right after you do what release and renew and its back to normal could be helpful in tracking down what the actual issue is. I think his point of changing isp, not really a serious one to be honest ;) More like what the F is wrong with this isp that they would set a 20 minute lease time.. ;) Find a different isp that not so insane ;)

Sure setting a 20 min lease should work, and it should work from now til doomsday really.. But it just a crazy amount of extra traffic for no reason.. Unless like said they are over subscribed on IPs and trying to keep their IPs free as possible by kicking clients out of the pool when they don't renew.. Ie their box has been off for 20 minutes.. I just don't get why any isp would want to generate extra traffic like that? Hand ful of devices no big deal but most isps have 1000's and and 1000's of clients using the same dhcp server, etc. A renew every 10 minutes vs say every 12 hours is crazy amount of traffic - for why?

Mastiff

@johnpoz I have no idea what the lease time has been, this is the first time I've ever looked at it, I have never had reason to before. And I haven't said that pfSense has as DHCP problem, it has always worked as it should, the ONLY thing that has a problem is that one channel on the T-We-box, same channel as other people has pfSense has a problem with.

But I'm guessing that the lease time really is that short. Just now I found out that you hadn't actually posted a new message about the log after that "brb", which I was waiting for, you had edited the original message, and I never saw that, sorry. Here's the info from my log:

Btw I have been using M0n0wall (which pfSense is a fork of) and then pfSence for almost 20 years (Kasper released the first version of M0n0wall in 2003, if I'm not mistaken). And I have never really found any problems that where in the firewall, all problems have been in my ISDN, DSL cable and now fibre modems, ISPs or my own servers.

johnpoz

@mastiff yeah that looks completely normal for a lease of 20 minutes..

So when you have an issue with this 1 channel. And you do what you do with these - do you get another IP, or the same.. Do you do discover vs a renew? its possible something in their system dies out after x amount of time unless you do a discover.. But what you posted from your log is exactly what you would see for a 20 minute lease and a normal renew of that lease at the 50% mark..

Mastiff

@johnpoz I get the same address it seems. Is there a script command or something that I could use to release the address, wait five seconds and then renew the address? I'm pretty sure doing that at say 04 every night would solve the whole thing, since it's solved by doing that manually.

Or even better, an HTTP command I could send from my home automation (with POST message) that will do it? In that case I could also have a button in the living room so my wife could press it whenever NRK1 isn't working, and then the system would do the rest?